Choice Health Management Services Notice of Data Breach

 

 

Choice Health Management Services Notice of Data Breach

Choice Health Management Services, LLC (“Choice Health Management Services”) is providing notice of an incident on behalf of the following facilities that may affect the privacy of personal information relating to certain employees, and current or former patients or residents of these facilities:

Universal Health Care/Blumenthal, Inc.                    Universal Health Care/Fletcher, Inc.

Brian Center Nursing/St. Andrews, LLC                   Universal Health Care/Fuquay-Varina, Inc.

Catawba Valley Assisted Living, LLC                         Universal Health Care/Greenville, Inc.

Universal Health Care/Lenoir, Inc.                            Universal Health Care/King, Inc.

Litchford Falls Healthcare & Rehabilitation Center  Universal Health Care/Lillington, Inc.

Saturn Health, Inc.                                                      Universal Health Care/North Raleigh, Inc.

Universal Health Care/Brunswick, Inc.                      Universal Health Care/Oxford, Inc.

Universal Health Care/Concord, Inc.                         Universal Health Care/Ramseur, Inc.

In late 2019, Choice Health Management Services discovered suspicious activity in certain Choice Health Management Services employee email accounts.  With the assistance of third-party forensic investigators, Choice Health Management Services launched an investigation into the nature and scope of this incident. On January 17, 2020, Choice Health Management Services confirmed that certain employee email accounts were subject to unauthorized access, but was unable to determine what, if any, individual emails or attachments within the accounts were subject to unauthorized access. With the assistance of a third-party firm, Choice Health Management Services then began a comprehensive and time-intensive review process of the email accounts subject to unauthorized access to determine what, if any, sensitive information they contained. On March 27, 2020, the review concluded, and Choice Health Management Services learned that personal health information was contained in certain email accounts. However, since the vendor was unable to link a large number of the individuals to the facility where the individuals sought treatment, Choice Health Management Services began a review of its internal records to determine this information. On May 12, 2020, Choice Health Management Services completed its internal review and determined which individuals received care from a facility associated with Choice Health Management Services.  On April 16, 2020 and again on May 22, 2020, Choice Health Management Services notified facilities about the event and requested permission to provide patients and residents with notice, which was subsequently granted.

The information potentially impacted by this event varied by individual but included first and last names and one or more of the following data elements: date of birth, Social Security number, driver's license number, passport number, credit card information, financial account information, employer identification number, username with password or associated security questions, email address with password or associated security questions, date of service, provider name, medical record number, patient number, medical information, diagnostic or treatment information, surgical information, medications, and/or health insurance information.  At this time, Choice Health Management Services is unaware of any actual misuse of personal information relating to this event and is providing this notice in an abundance of caution. 

The security, privacy, and confidentiality of sensitive information are among Choice Health Management Services’ highest priorities. Upon learning of this incident, Choice Health Management Services blocked access to the email accounts, changed the users’ account credentials, rebuilt computers to eradicate any potential virus or malware from the computer, and launched an in-depth investigation to determine the nature and scope of the incident. As part of Choice Heath Management Services’ ongoing commitment to the privacy of personal information in its care, Choice Heath Management Services reviewed its privacy policies and procedures, and implemented additional safeguards to further secure the information in its systems.  Choice Health Management Services also notified the facilities listed above and requested permission to provide notice on their behalf.

Individuals seeking additional information regarding this event can call our toll-free dedicated assistance line at (844) 958-2766.  This toll-free line is available Monday – Friday from 9:00 am to 6:30 pm EDT.

Steps You Can Take to Protect Your Information

 

Monitor Your Accounts/Credit Reports

We encourage you to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

 

You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

 

Experian

P.O. Box 9554

Allen, TX 75013

1-888-397-3742

www.experian.com/freeze/center.html  

 

TransUnion

P.O. Box 160

Woodlyn, PA 19094

1-888-909-8872

www.transunion.com/credit-freeze

Equifax

P.O. Box 105788

Atlanta, GA 30348-5788

1-800-685-1111

www.equifax.com/personal/credit-report-services

 

In order to request a security freeze, you will need to provide the following information:

 

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
  7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

 

As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the agencies listed below:

 

Experian

P.O. Box 9554

Allen, TX 75013

1-888-397-3742

www.experian.com/fraud/center.html  

TransUnion

P.O. Box 2000

Chester, PA 19016

1-800-680-7289

www.transunion.com/fraud-victim-resource/place-fraud-alert

Equifax

P.O. Box 105069

Atlanta, GA 30348

1-888-766-0008

www.equifax.com/personal/credit-report-services

 

Additional Information

 

You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.

 

The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.      

For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877-566-7226 or 1-919-716-6000, www.ncdoj.gov. You can obtain information from the Attorney General or the Federal Trade Commission about preventing identity theft.